linux kernel 2.6.25.15 fs: pipe.c null pointer dereference

2009-11-05 / 2009-11-06
Risk: High
Local: No
Remote: Yes
CWE: CWE-362


CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

A NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation.

http://lkml.org/lkml/2009/10/14/184
http://lkml.org/lkml/2009/10/21/42
http://git.kernel.org/linus/ad3960243e55320d74195fb85c975e0a8cc4466c
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3547

Thanks,
Eugene
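The locking pattern that closes this kind of race, shown as an added user-space model (not kernel code and not taken from the referenced commit): the pointer is tested only while the mutex is held, so a concurrent release cannot happen between the check and the counter update. The `*_model` names, the pthread mutex standing in for the inode mutex, and the `-ENOENT` return value are assumptions of this example.

```c
/* User-space model (constructed); field names mirror the advisory text. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

struct pipe_model { unsigned int readers, writers; };

struct inode_model {
    pthread_mutex_t i_mutex;    /* guards i_pipe and its counters */
    struct pipe_model *i_pipe;  /* may be released by another process */
};

/* Release path: frees the pipe and clears the pointer under the mutex. */
static void model_pipe_release(struct inode_model *inode)
{
    pthread_mutex_lock(&inode->i_mutex);
    free(inode->i_pipe);
    inode->i_pipe = NULL;
    pthread_mutex_unlock(&inode->i_mutex);
}

/* Hardened open path: i_pipe is checked after the mutex is taken, so a
 * concurrent release either completed first (NULL is seen and the open
 * fails cleanly) or waits until the counter update is finished. */
static int model_pipe_read_open(struct inode_model *inode)
{
    int ret = -ENOENT;  /* assumed error code for "pipe already gone" */

    pthread_mutex_lock(&inode->i_mutex);
    if (inode->i_pipe) {
        inode->i_pipe->readers++;
        ret = 0;
    }
    pthread_mutex_unlock(&inode->i_mutex);
    return ret;
}

int main(void)
{
    struct inode_model ino = { PTHREAD_MUTEX_INITIALIZER, NULL };

    ino.i_pipe = calloc(1, sizeof(*ino.i_pipe));
    if (!ino.i_pipe)
        return 1;
    printf("open while pipe exists: %d\n", model_pipe_read_open(&ino));
    model_pipe_release(&ino);
    printf("open after release:     %d\n", model_pipe_read_open(&ino));
    return 0;
}
```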

References:

https://rhn.redhat.com/errata/RHSA-2009-1550.html
https://rhn.redhat.com/errata/RHSA-2009-1548.html
https://rhn.redhat.com/errata/RHSA-2009-1541.html
https://rhn.redhat.com/errata/RHSA-2009-1540.html
https://bugzilla.redhat.com/show_bug.cgi?id=530490
http://www.securityfocus.com/bid/36901
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6
http://marc.info/?l=oss-security&m=125724568017045&w=2
http://lkml.org/lkml/2009/10/21/42
http://lkml.org/lkml/2009/10/14/184
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3960243e55320d74195fb85c975e0a8cc4466c


Copyright 2024, cxsecurity.com

 
